Have Lots of AWS Accounts
18 hours ago
- #Cloud Security
- #Infrastructure Isolation
- #AWS Best Practices
- Having multiple AWS accounts enhances security, reliability, and compliance by providing strong isolation.
- AWS accounts are the most complete form of isolation in AWS, predating IAM and forming the foundation of AWS Organizations.
- Isolation reduces the blast radius of changes, improves control over AWS service limits, and avoids high-stakes tagging requirements.
- IAM policies in a single account can lead to overprivileged roles, making it hard to restrict access to specific resources.
- Multiple accounts help in managing quotas effectively, avoiding scenarios where one service consumes most of the quota.
- Cross-account access can be managed using IAM roles and policies, with services like KMS and S3 supporting direct cross-account actions.
- Shared VPCs across accounts simplify networking without per-byte taxes and maintain zonal architecture clarity.
- Multiple accounts simplify compliance by naturally isolating production and staging environments.
- Cost management is easier with multiple accounts as each account's usage is clearly itemized in the AWS bill.
- Using multiple accounts defaults to isolation, making security, reliability, and compliance more manageable.